Firefox Losing Session Variables on Redirect

Posted by bretto36 on April 28th, 2008

So I’ve been attempting to deal with an issue on a CMS I made for quite some time. When people logged into the CMS they would be redirected to the homepage from the login page. They would get a first glimpse of the homepage, then once they clicked a link they would be redirected back to the login page as the SESSION variables would disappear.

The problem was Firefox feels that http://www.mysite.com is a totally separate site to http://mysite.com, so it resets the SESSION variables.

I changed my links, which I had prepended the domain to for some unknown reason (I’m sure there was a logical reason when I wrote it), to /pageNames.html and all was well in the world again.

While researching this bug I found some other solutions:

Call session_write_close() before using a header redirect in PHP

The worst possible solution would be to pass the session ID (SID) in the URL (not recommended), but nevertheless, if worse comes to worst, it is a solution.
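
The fixes from the post, as an added example that is not the author's code: one canonical hostname so the host-only session cookie is always sent back, a cookie-only session ID, and session_write_close() before each redirect. It assumes PHP 7.3 or later, HTTPS on the default port, and the hypothetical names CANONICAL_HOST, redirect_local(), complete_login() and /index.html.

```php
<?php
declare(strict_types=1);

// Assumed for this example: the single hostname the CMS is served from.
const CANONICAL_HOST = 'www.mysite.com';

// Keep the session ID in a cookie only, never in the URL.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');

// Move requests on any other hostname (e.g. mysite.com) to the canonical one
// before a session exists. The target host is the constant, never the
// client-supplied Host header.
$host = strtolower($_SERVER['HTTP_HOST'] ?? '');
if ($host !== CANONICAL_HOST) {
    $uri = $_SERVER['REQUEST_URI'] ?? '/';
    if ($uri === '' || $uri[0] !== '/') {
        $uri = '/';
    }
    header('Location: https://' . CANONICAL_HOST . $uri, true, 301);
    exit;
}

// No 'domain' key: the cookie is host-only and is returned to CANONICAL_HOST alone.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax', // still sent on a top-level GET navigation from another site
]);
session_start();

function redirect_local(string $path): void
{
    // Accept only a site-relative path such as /index.html.
    if ($path === '' || $path[0] !== '/' || substr($path, 0, 2) === '//'
        || strpos($path, '\\') !== false) {
        $path = '/';
    }
    session_write_close(); // flush $_SESSION before the browser follows the redirect
    header('Location: ' . $path, true, 302);
    exit;
}

function complete_login(int $userId): void
{
    session_regenerate_id(true); // new session ID at the privilege change
    $_SESSION['user_id'] = $userId;
    redirect_local('/index.html');
}
```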

5 Responses to “Firefox Losing Session Variables on Redirect”

Firefox also sees a redirect from http://www.host.com/page1.html to http://www.host.com/page2.html as a totally separate site. The solution as posted here is to only use relative links so “page2.html” really sucks for off-site credit card payments when they redirect you back to the original site. I still consider this a bug.

Generally with redirecting to an off-site credit card payment system and back, as long as it was the same main domain, no change to www, then the session variables would remain active. I will do some testing of this. Thanks for the comment, Chris.

Thanks for posting this, you are a God amongst Men!!!! I had to deal with this issue today. I did notice one thing that led to a different solution for me. After the first redirect to http://www.website.com the session variable was lost. However, after the second redirect to http://www.website.com the session variable held its value. So as a solution I force an initial redirect to http://www.website.com before the user can input any data. I have tested it out with off-site credit transactions and it seems to do the trick.